Clipboard abuse from websites
Many websites use JavaScript or CSS to stealthily insert or replace text in the user's clipboard whenever they copy information from the page. As far as I know this is ...

I wonder what happens what happens when I am changing my password on a Linux system. Basically all passwords are stored in a file called /etc/shadow or /etc/master.passwd in BSD-like systems as I do ...

Mosh has been around for a while now. Although it's claimed to be "a replacement for SSH" by its authors, mosh does actually depend on ssh to do the initial authentication, after which an instance of ...

What type of attacks are there that do not use open TCP or open UDP ports?
Is it safe to assume that no open ports means no remote access?
(Excluding the possibility that there is a badware already ...

I know one systems administrator who runs SSH Server on his workstation to push files to it and check things from a phone but I think it is a bad idea for several reasons:
An operations workstation ...

I came across this very alarming sounding thread which indicates a GPU with about half the compute capacity of the GPU currently powering the monitor I type this on is capable of 11.5k c/s.
I'm not ...

If I have a user on a unix system where Im allowed to create new files, what prevents me from downloading an executable file onto that system which is already SUID'ed to root on a different system?
...

It seems (to a non-expert) that /dev/random is acclaimed to be useable as a source of pure random data. However, I am curious as to the analysis of the file /dev/random.
/dev/random is a collection ...

I feel like this isn't the best place to ask this (since there's no single right answer), but I can't think of a better place. If you have a better recommendation, could you please recommend it and I ...

On Unix-esque systems, Mozilla Firefox stores a users' preferences, web history and stored passwords in a set of files that are readible and writeable by that particular user.
This makes sense: when ...

I have to exploit a very simple buffer overflow in a vulnerable C++ program for an assignment and I am not being able to find the environment variable SHELL.
I have never worked with BoF before, and ...

One of the core pieces of security in Unix/Linux systems is limiting privileges by user. For instance, certain actions can only be done by the root user. In theory, this can keep a malicious process ...

As far as I know, when I am creating a new file or directory in a directory that can be written by multiple users (and thus an adversary can have made a symlink there), the only way to protect myself ...

I've long been under the impression that with unix, you should never login as root.
Now I've started using Virtual Private Servers over at DigitalOcean, and some advice is to use SSH keys to login as ...

So I divided my 250GB laptop drive into 2 partitions and some swap. On the second partition which is an ext4 60GB partition I installed Fedora 17. On the other bigger NTFS partition I've got Win XP ...

I received an email the other day purporting to be from a bank I hadn't even heard of, so I decided to poke around. On some quick investigation, it looks like something has just latched onto some poor ...

If someone who knows about the BSD project has a moment to answer this, I'm wondering a few things about the encryption used. It's more than what I'm finding in the docs and on Wiki/Google (even the ...

I was reading "A taxonomy of Coding Errors" and I have a doubt regarding the point mentioned in C/C++ >> API Abuse >> Often Misused: Authentication(getlogin).
I fail to understand the attack vector ...

This may sound stupid for everyone who knows more than me about the UNIX-System and security in software:
Imagine you have a program trying to cause harm by deleting files. You just do something like ...

I'm testing some vulnerabilities on a machine which has the port 22333 opened (it's used as the ssh port, and I can connect to it without any problem and the telned command get connected):
$ telnet ...

I'm coding an exploit in python that exploits a command injection vulnerability for a CTF and I'm wondering how could I start a netcat listener and then send the payload to the remote host and once ...